aboutsummaryrefslogtreecommitdiffstats
path: root/visitors.php
diff options
context:
space:
mode:
authorAleteoryx <alyx@aleteoryx.me>2024-08-15 23:15:01 +0100
committerAleteoryx <alyx@aleteoryx.me>2024-08-15 23:15:48 +0100
commit548b65ad73058289812e59ac1cfba1f9b3a17de4 (patch)
tree970f041a9e8b4cef7faf4c919715472260848796 /visitors.php
parent0ca0e4908208a49d17e09f3acac2a7d016d873dc (diff)
downloadvisitors_dot_php-548b65ad73058289812e59ac1cfba1f9b3a17de4.tar.gz
visitors_dot_php-548b65ad73058289812e59ac1cfba1f9b3a17de4.tar.bz2
visitors_dot_php-548b65ad73058289812e59ac1cfba1f9b3a17de4.zip
fix *more* csv escaping issues
Diffstat (limited to 'visitors.php')
-rw-r--r--visitors.php9
1 files changed, 6 insertions, 3 deletions
diff --git a/visitors.php b/visitors.php
index 4073598..b50756f 100644
--- a/visitors.php
+++ b/visitors.php
@@ -503,6 +503,7 @@ session_start(['cookie_lifetime' => 1440]);
function cleanup_post() {
global $config;
+ $ws = ["\r", "\n"];
// error_log(var_export($_POST, true));
if ($config['captcha'] && (@$_SESSION['captcha'] !== htmlentities($_POST['captcha']??''))) {
return "Invalid captcha!";
@@ -510,9 +511,9 @@ function cleanup_post() {
if (isset($_POST['site-or-email'])) {
$_POST['site-or-email'] = trim($_POST['site-or-email']);
if (preg_match('/^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$/', $_POST['site-or-email']))
- $_POST['website'] = htmlentities($_POST['site-or-email']);
+ $_POST['website'] = str_replace(["\r", "\n"], "", htmlentities($_POST['site-or-email']));
else if (preg_match('/^[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['site-or-email']))
- $_POST['email'] = htmlentities($_POST['site-or-email']);
+ $_POST['email'] = str_replace(["\r", "\n"], "", htmlentities($_POST['site-or-email']));
else return "Invalid Website URL or E-Mail!";
}
else {
@@ -521,15 +522,17 @@ function cleanup_post() {
if (!preg_match('/^(?:https?|gopher|gemini):\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$/', $_POST['website']))
return "Invalid Website URL!";
$_POST['website'] = htmlentities($_POST['website']);
+ $_POST['website'] = str_replace(["\r", "\n"], "", $_POST['email']);
}
if (isset($_POST['email']) && $_POST['email'] !== '') {
$_POST['email'] = trim($_POST['email']);
if (!preg_match('/^[a-zA-Z0-9.!#$%&’*+\/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/', $_POST['email']))
return "Invalid E-Mail!";
$_POST['email'] = htmlentities($_POST['email']);
+ $_POST['email'] = str_replace(["\r", "\n"], "", $_POST['email']);
}
}
- $_POST['name'] = htmlentities($_POST['name']);
+ $_POST['name'] = str_replace(["\r", "\n"], "", htmlentities($_POST['name']));
$_POST['message'] = implode('<br />', explode("\n", htmlentities($_POST['message'])));
if (mb_strlen($_POST['name']) > 128)